Jump to content
Dirty Butter

Disabled Customer Still Ordered

Recommended Posts

Based on the whole layout of the information, I assumed a recent unpaid order was not legitimate and cancelled it. I then disabled the customer, but did not delete it.

Today, the same person ordered and paid with PayPal for what appears to be a legitimate order.

I was surprised - I thought un-checking the Status entry on the Customers list would keep the customer from being able to login. They did change the delivery address for the order to a USA address. But the default delivery address is still to a country we do not do business with. We have refused orders from re-shippers before trying to send toys to Korea. South Korean businesses have a reputation for buying a toy, copying it, and selling in online stores as the genuine article. Our post master advised against sending toys to them.

Should the unchecked customer have been able to login again or is this a bug?

Share this post


Link to post
Share on other sites

Disabling the customer will stop them from logging in again but a possible explanation for this is that the customer never logged out and so still had an active session and so did not actually need to login again. There is a good argument that disabling a customer should automatically terminate any active sessions and many other systems have a way of terminating active login sessions manually as well.  Would be worthwhile adding this as a bug / feature request to github and reference this thread

Share this post


Link to post
Share on other sites

Good - this person is very upset with me LOL - I refunded payment, and they, in broken English and Korean signature, complained.

Edited by Dirty Butter

Share this post


Link to post
Share on other sites

I think this is a specific situation. I like the idea of deleting the session however I think this may be an Express Checkout specific bug. Investigating.....

Share this post


Link to post
Share on other sites

Hmm how did you manage this then!? Express logs in based on proven email ownership. Standard doesn't.

Do you know how to make this happen?

Share this post


Link to post
Share on other sites

I created a fake account. Logged out of Admin and logged back in. I then disabled the Account, but left Store FireFox browser tab still open. I then went to the store front tab and tried to open the account to make a purchase. I CORRECTLY received the Invalid User Name/Password. So I tried to make a new account using the same fake information. This time when I tried to continue with checkout I received the "Email address is already in use" warning, as expected.

Then I emptied Cache in Admin and tried the same thing again, but opening the store from the Chrome browser. Admin is open in FireFox with Store open only in Chrome. All error messages are as they should be.

SO I cannot reproduce it, unless you can tell me a different series of actions to try.

PS - just in case it is meaningful - I have tried Express sometime in the past - could there be some database config entry leftover that is confusing the situation?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...